Solved

VERY STRANGE Image Size behavior (when PHP script sends image to browser)

Posted on 2003-11-24
6
246 Views
Last Modified: 2008-03-17
I'm using a PHP Script to read a file from outside of the document root, and sends it to the browser.

The problem is that I.E. Does not correctly "understand" the size fo the image (when I right click and select properties it says "Not Specified".  

I've tracked this down to the fact that I am calling session_start() before sending the image.  As a result, the session cookie is sent to the browser before the image data and when this happens, i.e. doesn't correctly understand the image size (for some bizarr reason).

At any rate, if I simply comment out this line, the image works EXACTLY as though it's accessed directly (not through the script).  The problem is that I need data from the session to determine which image to show.

So - my question is:

1) Is there any way to access the session data without sending a session cookie to the browser (just from my "picture" script).

2) Does anyone understand why this causes a problem in I.E. and is there any other way around it?

Thank you in advance for any help you can provide.  The script is included below:

picture.php:
            session_start();
            $filename = "/tmp/files/" . $_SESSION['filename'];
            header("Accept-Ranges: bytes");
            header("Content-Length: " . filesize($filename));
            header("Connection: close");
            header("Content-Disposition: inline; filename=" . $_SESSION['filename']);
            header("Content-Type: image/gif");
            $fd = fopen ($filename, "r");
            echo fread ($fd, filesize ($filename));
            fclose ($fd);


Again - All I have to do is just // session_start() and everything works PERFECTLY.  

Thoughts?
0
Comment
Question by:kalliopi
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:ashoooo
ID: 9813419
Can you wrap your image in an HTML file? for eg...

picture.php:
          session_start();
          <html><head></head>
          <body><img src="pictureGen.php?name=<?php echo$_SESSION[filename]; ?>"></body></html>


pictureGen.php:
          $filename = "/tmp/files/" . $_GET['filename'];   // $_SESSION['filename'] has been changed to $_GET['name']
          header("Accept-Ranges: bytes");
          header("Content-Length: " . filesize($filename));
          header("Connection: close");
          header("Content-Disposition: inline; filename=" . $_GET['name']);
          header("Content-Type: image/gif");
          $fd = fopen ($filename, "r");
          echo fread ($fd, filesize ($filename));
          fclose ($fd);

This is just a workaround...
0
 
LVL 6

Author Comment

by:kalliopi
ID: 9813799
Thanks for the input.  I probably should have been more clear.  The whole reason for needing the session data is for security purposes.  I don't want to have to pass the filename to the file for security purposes.  The session looks up the filename in a database and verifies that the user who's logged in (also tracked in the session) has access to that file.  If I pass the filename and just print whatever's passed, the security would be lost and the person viewing the picture would be able to look at any file in the /tmp/files directory.  Does that make sense?  

It seems like I should be able to READ the session data (from a particular script) without sending the session cookie data back to the client (just from that one script).  I just don't know how to do that.  I've tried working with output buffering, and then clearning the output buffer right before sending the image data but unfortunately, output buffering does not appear to effect header data...

Thoughts?
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9813914
Hmmm,

The cookie should be already on the client, and you shouldn't have to send it again, so all you want to do is read the cookie, and not resend it.

One possible workaround would be to tell sessions in that particular file not to use cookies. You might then have to copy the data from $_COOKIE to $_GET(or $_REQUEST), to fool PHP  into thinking that the SID had come from a GET(or POST) variable, and not the cookie, before calling session_start().

Let us know if it works.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Author Comment

by:kalliopi
ID: 9814508
aolXFT - this looks promising and I played around a little bit with turning cookies off for that specific file, but I couldn't figure it out specifically.

Can you be a little bit more explicit?
0
 
LVL 6

Accepted Solution

by:
aolXFT earned 250 total points
ID: 9827385
I haven't much time right now, but try

ini_set('session.use_cookies', 0);
session_start();


0
 
LVL 6

Author Comment

by:kalliopi
ID: 9827861
Thank you aolXFT - that was perfect.  It did EXACTLY what I wanted.  I actually had to also add ini_set('session.cache_limiter', ''); as well, but you certainly pointed me in the right directly.  

That's AWESOME.  Thank you.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question